Web lists-archives.com

Re: [Samba] force re-authentication when accessing different shares




On 1/21/19 11:04 AM, Rowland Penny via samba wrote:
On Mon, 21 Jan 2019 10:43:35 -0400
Robert Marcano via samba <samba@xxxxxxxxxxxxxxx> wrote:

On 1/21/19 10:24 AM, Harald Glanzer via samba wrote:
hello & thx for your fast response!

i need a way to create samba shares without creating system user
accounts:

- add users via smbpasswd with unique password
- no need for a corresponding useraccount in /etc/passwd
- access to the corresponding shares should be independent from any
domain (i.e. the share should be accessable
via windows client)

Is't this a reimplementation on winbind nss interface?. Why not just
use winbind with one of it's mapping strategies. I am pretty sure it
should work for standalone servers.


idmap_nss maps Unix users to Domain users, it needs users
in /etc/passwd, the OP doesn't want this.

But shouldn't something like

  idmap config * : backend = tdb
  idmap config * : range = 1000000-2000000

and the propper winbind entries on /etc/nsswitch.conf be enough?

I am assuming Samba working on standalone mode will try to locate the user on the passwd database via nss and then the idmap config is used, looking for the user and creating a new mapping if not found.


Rowland




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba